name: License Report Workflow

on:
  push:
    branches:
      - main
    paths:
      - "build.gradle"

permissions:
  contents: read

jobs:
  generate-license-report:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      - name: Generate GitHub App Token
        id: generate-token
        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up JDK 17
        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
        with:
          java-version: "17"
          distribution: "adopt"

      - uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0

      - name: check the licenses for compatibility
        run: ./gradlew clean checkLicense

      - name: FAILED - check the licenses for compatibility
        if: failure()
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: dependencies-without-allowed-license.json
          path: |
            build/reports/dependency-license/dependencies-without-allowed-license.json
          retention-days: 3

      - name: Move and Rename License File
        run: |
          mv build/reports/dependency-license/index.json src/main/resources/static/3rdPartyLicenses.json

      - name: Set up git config
        run: |
          git config --global user.name "stirlingbot[bot]"
          git config --global user.email "1113334+stirlingbot[bot]@users.noreply.github.com"

      - name: Run git add
        run: |
          git add src/main/resources/static/3rdPartyLicenses.json
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV

      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7
        with:
          token: ${{ steps.generate-token.outputs.token }}
          commit-message: "Update 3rd Party Licenses"
          committer: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>"
          author: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>"
          signoff: true
          branch: update-3rd-party-licenses
          title: "Update 3rd Party Licenses"
          body: |
            Auto-generated by StirlingBot
          labels: licenses,github-actions
          draft: false
          delete-branch: true
          sign-commits: true

      - name: Enable Pull Request Automerge
        if: steps.cpr.outputs.pull-request-operation == 'created'
        run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}"
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}